show tacacs

This chapter provides show tacacs command output tables.

show tacacs

Table 1. show tacacs Command Output Descriptions
Field Description

active session #n

Numerical identifier of an active TACACS+ session.

login username

The username of the TACACS+ user.

login tty

The physical or logical port identifier for a user login.

time of login

The date and time of the TACACS+ login.

login server priority

The specified priority of the TACACS+ server used for login.

current login status

The current login status for this user (pass/fail).

current session state

The current operational state of the TACACS+ session.

current privilege level

The CLI privilege level assigned to the user (default assignments are shown below):
  • 0: Inspector (CLI only)
  • 1: Inspector (CLI and ECSEMS only)
  • 2: Inspector (FTP only)
  • 3: Inspector (CLI and FTP only)
  • 4: Inspector (CLI, FTP, and ECSEMS only)
  • 5: Operator (CLI only)
  • 6: Operator (CLI and ECSEMS only)
  • 7: Operator (FTP only)
  • 8: Operator (CLI and FTP only)
  • 9: Operator (CLI, FTP and ECSEMS only)
  • 10: Administrator (CLI only)
  • 11: Administrator (CLI and ECSEMS only)
  • 12: Administrator (FTP only)
  • 13: Administrator (CLI, FTP and Lawful Intercept only)
  • 14: Administrator (CLI, FTP and ECEMS only)
  • 15: Administrator (CLI, FTP, ECEMS and Lawful Intercept)

remote client application

The application type used by the remote client to access StarOS, if known:
  • telnet
  • ssh
  • ftp
  • console
  • unknown

remote client ip address

The IP address of the remote client. If the remote client IP address cannot be determined or is unknown, this field will contain all zeros or be blank. For example, logins via the ASR 5x00 console port typically are not assigned an IP address.

last server reply status

The last known server error code returned for this user session.

Total TACACS+ sessions

The total number of TACACS+ sessions that are currently active.

show tacacs client statistics

Table 2. show tacacs client statistics Command Output Descriptions
Field Description

last login failure time

The timestamp of the most recent failed TACACS+ authentication attempt.

successful connections

The total number of successful TACACS+ connections established with the TACACS+ server.

failed connections

The total number of connection attempts with a TACACS+ server that have failed.

authentication PASS

The total number of connections established with a TACACS+ server that have passed authentication.

authentication FAIL

The total number of authentication connections attempts with a TACACS+ server that have failed.

session starts

The total number of TACACS+ session starts. A session start is defined as the point at which the TACACS+ user has passed authentication.

active sessions

The total number of active TACACS+ sessions.

authorization errors

The total number of TACACS+ authorization errors.

accounting errors

The total number of TACACS+ accounting errors.

non-TACACS+ logins

The total number of non-TACACS+ logins. Note that the system can be configured to allow TACACS+ users to continue on to use non-TACACS+ authentication services if the user fails the TACACS+ login.

show tacacs priv-lvl

Table 3. show tacacs priv-lvl Command Output Descriptions
Field Description

priv-lvl

TACACS+ priv-level shown as an integer from 1 through 15.

cli

Access to StarOS CLI (yes or no).

ftp

Access to FTP (yes or no).

ecs

Access to Enhanced Charging Service (ECS) commands [yes or no].

li

Access to Lawful Intercept (LI) commands [yes or no].

authorization-level
Specifies the StarOS administrative authorization level for this privilege level:
  • administrator – Allows user to execute Administrator level configuration commands.
  • inspector – Allows user to execute Inspector commands.
  • operator – Allows user to execute Operator commands.
  • security-admin – Allows user to execute Security Administrator commands.

show tacacs session statistics

Table 4. show tacacs session statistics Command Output Descriptions
Field Description

active session #n

A numerical identifier assigned to an active TACACS+ CLI session.

task id

The software task ID assigned by the client to identify TACACS+ accounting statistics.

task instance

The software task instance ID assigned by the ASR 5000 for each active TACACS+ session.

login username

The username assigned to this TACACS+ session.

login tty

The logical or physical port identifier assigned for a TACACS+ login.

tty connect time

The time at which the TACACS+ connection was established.

session start time

The time and date of the TACACS+ session start time, which is defined as the time at which a TACACS+ user passes TACACS+ authentication.

pre-bytes in

The total number of bytes received from the TACACS+ server before the TACACS+ user was authenticated.

pre-bytes out

The total number of bytes sent to the TACACS+ server before the TACACS+ user was authenticated.

pre-packets in

The total number of packets received from the TACACS+ server before the TACACS+ user was authenticated.

pre-packets out

The total number of packets sent to the TACACS+ server before the TACACS+ user was authenticated.

bytes in

The total number of bytes (pre- and post-authentication) received from the TACACS+ server after the TACACS+ user was authenticated.

bytes out

The total number of bytes sent (pre- and post-authentication) to the TACACS+ server after the TACACS+ user was authenticated.

packets in

The total number of packets (pre- and post-authentication) received from the TACACS+ server for this TACACS+ session.

packets out

The total number of packets (pre- and post-authentication) sent to the TACACS+ server after the TACACS+ user was authenticated.

authen start requestssuccess

The total number of authentication start requests sent to the TACACS+ server that were successful.

authen start requestserror

The total number of authentication start requests sent to the TACACS+ server that were unsuccessful,typically due to a protocol error.

authen cont requestssuccess

The total number of authentication continue requests sent to the TACACS+ server that were successful.

authen cont requestserror

The total number of authentication continue (username and/or password) requests sent to the TACACS+ server that were failed, typically due to a protocol error.

authen start/cont repsuccess

The number of authentication start/continue Reply messages received from the TACACS+ server that were successful.

authen start/cont repfailure

The number of authentication start/continue Reply messages received from the TACACS+ server that failed.

authen start/cont reptimeout

The number of authentication start/continue Reply messages received from the TACACS+ server thattimed out.

author requests success

The number of TACACS+ authorization requests sent to the TACACS+ server that were successful.

author requests failure

The number of TACACS+ authorization requests sent to the TACACS+ server that failed.

author responsessuccess

The number of authorization responses received from the TACACS+ server that were successful.

author responsesfailure

The number of authorization responses received from the TACACS+ server that failed.

author responsestimeout

The number of authorization responses from the TACACS+ server that timed out.

account requestssuccess

The number of accounting requests sent to the TACACS+ server that were successful.

account requests error

The number of accounting requests sent to the TACACS+ server that were unsuccessful, typically due to a protocol error.

account replies success

The number of accounting replies from the TACACS+ server that were successful.

account replies failure

The number of accounting replies from the TACACS+ server that failed.

account replies timeout

The number of accounting replies from the TACACS+ server that timed out.

total active TACACS+sessions

The total number of currently active TACACS+ sessions.

show tacacs summary

The output of this command is identical to show tacacs